If you are a company that handles and/or collects your client’s personal data, you might be in trouble. Prior to May 25, 2018, the only real data privacy protections we saw were the Children’s Online Privacy Protection Act (COPPA), enacted in 2000 to protect children from online predators. Then, the European Union enforced the General Data Protection Regulations (GDPR) as the first big regulatory shift in Data Protection since 2000, which mandated inter alia, that business enact appropriate technical and organizational measures to implement data protection, information systems must be designed with data regulations in mind, privacy settings must be revised and can be revoked, and that a Data Protection Officer (DPO) must be assigned to be responsible for managing GDPR Compliance. Essentially, GDPR gives EU citizens greater control over their personal data, privacy and consent.
Then the California Consumer Protection Act (CCPA) took effect January 1, 2020, despite some major pushback from Silicon Valley. It armed all residents of California with a comprehensive new arsenal of privacy rights, including the right to request a disclosure of any personal data shared and the right to request the permanent deletion of that data. The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
Although the statute was put into effect on January 1, 2020, the only enforcement of the statute as of that date relates to suits involving data security breaches. A company cannot be a defendant in a civil action for the privacy-oriented provisions of the CCPA until July 1, 2020 – when the Attorney General can bring enforcement actions founded on any provision of the CCPA (regardless of whether such a provision relates to privacy or security, or one of the Attorney General’s regulations).
Why Interim Talent Is the Best Way to Go
If you are an in-house attorney, these rules likely affect your company and while you still must perform your normal day-to-day responsibilities, you now have so much more on your plate to prevent lawsuits for non-compliance.
In the current climate, where we are all forced to work from home, it is nearly impossible to interview suitable candidates who can join your team full-time as Privacy Officers and help with the July 1, 2020, deadline. Instead, data privacy-related work is particularly well-suited to the interim talent model because experts can join your team immediately, without required full-time overhead and the option to convert to permanent later on still exists but is not required. Here are a few other reasons why interim legal talent is a smart move for your legal team:
Data privacy is a convoluted, ever-changing area of the law. Cybercrimes are at an all-time high, costing companies billions of dollars — and irreparable customer loyalty — each year. As regulators enforce data privacy requirements with more vigor than ever before, in-house legal teams will find themselves in need of an attorney who knows the ropes.
If another permanent legal hire is not in the cards for your department, an interim lawyer can be the most economical, efficient way forward. An experienced legal recruiter can help you tap into the pool of high-tech interim legal talent and find a lawyer who can help you navigate — and stay one step ahead of — the evolving regulatory landscape.